E-mail counts as user identifying information per the GDPR, so clearly they have kept user identifying information so the GDPR applies.
Even an IP address is user identifying information per the GDPR, which is why if for example a website wants to be compliant without obtaining explicit user authorization, it needs to do things like not maintain logs with IP addresses for longer than it would be necessary to track down problems with the website or intrusion attempts.
Right, so e-mail address together with IP address would then make the e-mail that of an identifiable user under Art.4(1). So the OP needs to find out if an IP address was logged and retained in connection with the email address.
Does the GDPR have teeth against this kind of violation? Could Reddit be hit hard with violation fees?
If the user resides in Europe then yeah. This means they didn’t follow GDPR and still retain data on user(s).
It’s in the GDPR jurisdiction but Reddit accounts are anonymous AFAIK. IMO the GDPR does not protect anonymous data.
/cc @Gork@lemm.ee
E-mail counts as user identifying information per the GDPR, so clearly they have kept user identifying information so the GDPR applies.
Even an IP address is user identifying information per the GDPR, which is why if for example a website wants to be compliant without obtaining explicit user authorization, it needs to do things like not maintain logs with IP addresses for longer than it would be necessary to track down problems with the website or intrusion attempts.
Right, so e-mail address together with IP address would then make the e-mail that of an identifiable user under Art.4(1). So the OP needs to find out if an IP address was logged and retained in connection with the email address.